CVE-2025-36593
📋 TL;DR
Dell OpenManage Network Integration versions before 3.8 contain a RADIUS authentication bypass vulnerability where attackers can replay captured protocol messages to forge valid authentication accept responses. This affects organizations using Dell OMNI for network management with RADIUS authentication enabled. Attackers need local network access to exploit this vulnerability.
💻 Affected Systems
- Dell OpenManage Network Integration (OMNI)
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain unauthorized administrative access to network management systems, potentially compromising entire network infrastructure, deploying malicious configurations, or exfiltrating sensitive network data.
Likely Case
Unauthorized access to network management interfaces leading to configuration changes, service disruption, or lateral movement within the network.
If Mitigated
Limited impact due to network segmentation, strong access controls, and monitoring that detects anomalous authentication attempts.
🎯 Exploit Status
Requires local network access and ability to capture RADIUS traffic. Attackers need to understand RADIUS protocol to craft replay attacks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.8 or later
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000337238/dsa-2025-257-security-update-for-dell-openmanage-network-integration-omni-vulnerabilities
Restart Required: Yes
Instructions:
1. Download Dell OMNI version 3.8 or later from Dell support site.
2. Backup current configuration.
3. Install the update following Dell's upgrade documentation.
4. Restart the OMNI service or server.
5. Verify authentication functionality.
🔧 Temporary Workarounds
Disable RADIUS Authentication
Temporarily switch to local authentication or alternative authentication methods until patching is complete.
Refer to Dell OMNI administration guide for authentication configuration changes
Network Segmentation
Restrict network access to OMNI management interfaces to trusted administrative networks only.
Configure firewall rules to limit access to OMNI ports from authorized IP ranges
🧯 If You Can't Patch
- Implement strict network segmentation to isolate OMNI systems from general network traffic
- Enable detailed logging and monitoring of all authentication attempts and RADIUS protocol messages
🔍 How to Verify
Check if Vulnerable:
Check the OMNI version via the web interface or CLI. If the version is below 3.8 and RADIUS authentication is enabled, the system is vulnerable.
Check Version:
omni --version or check web interface administration page
Verify Fix Applied:
Confirm OMNI version is 3.8 or higher and test RADIUS authentication functionality.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed RADIUS authentication attempts followed by successful login from same source
- Unusual RADIUS protocol message patterns or timestamps
Network Indicators:
- RADIUS traffic from unexpected sources
- Repeated authentication packets with similar characteristics
SIEM Query:
source="omni" AND (event_type="authentication" AND result="success") AND (preceding event_type="authentication" AND result="failure" within 5s)
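The correlation that the query above describes (a successful authentication preceded by failures from the same source within 5 seconds) can be run offline over exported events. This is an added example, not Dell's or the advisory's own code; the `ts` and `src` field names and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real OMNI logs. "event_type" and "result"
# come from the query above; "ts" and "src" are assumed field names.
SAMPLE_EVENTS = [
    {"ts": "2025-01-10T09:00:00", "src": "10.0.5.23", "event_type": "authentication", "result": "failure"},
    {"ts": "2025-01-10T09:00:02", "src": "10.0.5.23", "event_type": "authentication", "result": "failure"},
    {"ts": "2025-01-10T09:00:03", "src": "10.0.5.23", "event_type": "authentication", "result": "success"},
    {"ts": "2025-01-10T09:05:00", "src": "10.0.5.40", "event_type": "authentication", "result": "failure"},
    {"ts": "2025-01-10T09:05:30", "src": "10.0.5.40", "event_type": "authentication", "result": "success"},
    {"ts": "2025-01-10T09:10:00", "src": "10.0.5.50", "event_type": "authentication", "result": "success"},
    {"ts": "2025-01-10T09:12:00", "src": "10.0.5.23", "event_type": "authentication", "result": "failure"},
    {"ts": "2025-01-10T09:12:01", "src": "10.0.5.60", "event_type": "authentication", "result": "success"},
]


def find_suspicious_logins(events, window_s=5, min_failures=1):
    """Return successes preceded by >= min_failures failures from the
    same source within window_s seconds."""
    window = timedelta(seconds=window_s)
    recent_failures = {}  # src -> failure timestamps still inside the window
    hits = []
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["ts"]))
    for ev in ordered:
        if ev.get("event_type") != "authentication":
            continue
        ts = datetime.fromisoformat(ev["ts"])
        src = ev["src"]
        # Drop failures that have aged out of the correlation window.
        fails = [t for t in recent_failures.get(src, []) if ts - t <= window]
        if ev["result"] == "failure":
            fails.append(ts)
            recent_failures[src] = fails
        elif ev["result"] == "success":
            if len(fails) >= min_failures:
                hits.append({"src": src, "ts": ev["ts"],
                             "failures_in_window": len(fails)})
            # A success closes the sequence for this source.
            recent_failures[src] = []
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_logins(SAMPLE_EVENTS):
        print(hit)
```

Raising `min_failures` matches the "multiple failed attempts" indicator more strictly, and widening `window_s` catches slower sequences at the cost of more false positives.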